7 Questions to Ask your Pen-Testing vendor

In recent months, stories of data breaches and unsecured data at major companies have dominated the news, so what can businesses do to protect themselves?

A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).

Pen testing can involve attempting to breach any number of application components (e.g., application programming interfaces (APIs), frontend/backend servers) to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.

Insights provided by the penetration test can be used to fine-tune your WAF security policies and patch detected vulnerabilities.

We’ve put together 7 essential questions you should ask any potential penetration testing vendor:


“The key to success is in putting in multiple layers of defence, such as strong encryption of the credentials, limiting the number of records that can be read in a given timeframe.”

Deeper, multilayered defences make it harder for attackers to reach your data, even after an initial compromise.

How to rebuild all indexes in all databases

-- Rebuild every index on every base table in every user database.
-- Dynamic SQL is built from catalog names, so QUOTENAME is used throughout
-- to bracket-quote names safely (a name containing ']' would otherwise
-- break the generated statement).
DECLARE @Database VARCHAR(255)
DECLARE @Table VARCHAR(255)
DECLARE @cmd NVARCHAR(500)
DECLARE @fillfactor INT

SET @fillfactor = 90   -- leave 10% free space per page after the rebuild

-- Cursor over user databases; system databases are skipped
DECLARE DatabaseCursor CURSOR FOR
SELECT name FROM master.dbo.sysdatabases
WHERE name NOT IN ('master','msdb','tempdb','model','distribution')
ORDER BY 1

OPEN DatabaseCursor

FETCH NEXT FROM DatabaseCursor INTO @Database
WHILE @@FETCH_STATUS = 0
BEGIN

   -- Build a second cursor, inside the target database, that yields
   -- fully quoted three-part table names ([db].[schema].[table])
   SET @cmd = 'DECLARE TableCursor CURSOR FOR SELECT QUOTENAME(table_catalog) + ''.'' +
  QUOTENAME(table_schema) + ''.'' + QUOTENAME(table_name) AS tableName
  FROM ' + QUOTENAME(@Database) + '.INFORMATION_SCHEMA.TABLES
  WHERE table_type = ''BASE TABLE'''

   -- create table cursor
   EXEC (@cmd)
   OPEN TableCursor

   FETCH NEXT FROM TableCursor INTO @Table
   WHILE @@FETCH_STATUS = 0
   BEGIN

       -- @@MICROSOFTVERSION's high byte is the major version; 9 = SQL Server 2005
       IF (@@MICROSOFTVERSION / POWER(2, 24) >= 9)
       BEGIN
           -- SQL 2005 or higher command
           SET @cmd = 'ALTER INDEX ALL ON ' + @Table + ' REBUILD WITH (FILLFACTOR = ' + CONVERT(VARCHAR(3),@fillfactor) + ')'
           EXEC (@cmd)
       END
       ELSE
       BEGIN
          -- SQL 2000 command (DBCC DBREINDEX is deprecated in later versions)
          DBCC DBREINDEX(@Table,' ',@fillfactor)
       END

       FETCH NEXT FROM TableCursor INTO @Table
   END

   CLOSE TableCursor
   DEALLOCATE TableCursor

   FETCH NEXT FROM DatabaseCursor INTO @Database
END
CLOSE DatabaseCursor
DEALLOCATE DatabaseCursor
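The script above rebuilds every index unconditionally. The following is an added example (not from the original post) that rebuilds only indexes that are actually fragmented, using the sys.dm_db_index_physical_stats DMV, and quotes every name with QUOTENAME. It assumes SQL Server 2008 or later (for DECLARE with initializers and +=), the same 90 fill factor as above, a 30% fragmentation threshold and a 1000-page minimum size; all three values are assumptions you should tune.

```sql
-- Added example: rebuild only fragmented indexes, one user database at a time.
DECLARE @Database sysname, @cmd NVARCHAR(MAX);
DECLARE @fillfactor INT = 90;       -- assumption: same fill factor as the script above
DECLARE @threshold FLOAT = 30.0;    -- assumption: rebuild at >= 30% fragmentation
DECLARE @minPages INT = 1000;       -- assumption: ignore indexes under 1000 pages

DECLARE DatabaseCursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases
    WHERE name NOT IN ('master','msdb','tempdb','model','distribution')
      AND state_desc = 'ONLINE'       -- skip offline/restoring databases
    ORDER BY name;

OPEN DatabaseCursor;
FETCH NEXT FROM DatabaseCursor INTO @Database;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- One batch per database: switch context, query the DMV for fragmented
    -- indexes on user tables, generate ALTER INDEX statements with every
    -- identifier passed through QUOTENAME, then execute them.
    SET @cmd = N'USE ' + QUOTENAME(@Database) + N';
        DECLARE @sql NVARCHAR(MAX) = N'''';
        SELECT @sql += N''ALTER INDEX '' + QUOTENAME(i.name)
              + N'' ON '' + QUOTENAME(s.name) + N''.'' + QUOTENAME(o.name)
              + N'' REBUILD WITH (FILLFACTOR = ' + CONVERT(NVARCHAR(3), @fillfactor) + N');'' + CHAR(10)
        FROM sys.dm_db_index_physical_stats(DB_ID(), NULL, NULL, NULL, ''LIMITED'') ps
        JOIN sys.indexes i ON i.object_id = ps.object_id AND i.index_id = ps.index_id
        JOIN sys.objects o ON o.object_id = i.object_id
        JOIN sys.schemas s ON s.schema_id = o.schema_id
        WHERE ps.avg_fragmentation_in_percent >= ' + CONVERT(NVARCHAR(10), @threshold) + N'
          AND ps.page_count >= ' + CONVERT(NVARCHAR(10), @minPages) + N'
          AND i.index_id > 0            -- skip heaps
          AND o.type = ''U'';           -- user tables only
        EXEC sp_executesql @sql;';
    EXEC sp_executesql @cmd;
    FETCH NEXT FROM DatabaseCursor INTO @Database;
END
CLOSE DatabaseCursor;
DEALLOCATE DatabaseCursor;
```

Replace the final EXEC sp_executesql @sql with PRINT @sql inside the inner batch to review the generated statements before running them for real.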

Developers vs. Quality Control and Assurance

Developers see the world in different colours than QA people do.

How developers fix bugs (defects), from the QA viewpoint:

Software Fix 1: This should hold us over.
Software Fix 2: It worked yesterday.
Software Fix 3: This is designed according to specification.
Software Fix 4: This is a good fix.
Software Fix 5: It will work this way.
Software Fix 6: Here you go.
Software Fix 7: It will work until the next release.
Software Fix 8: It must be a hardware problem.
Software Fix 9: I did my best.

Top 20 replies by Programmers to Testers when their programs don’t work:

20. “That’s weird…”
19. “It’s never done that before.”
18. “It worked yesterday.”
17. “How is that possible?”
16. “It must be a hardware problem.”
15. “What did you type in wrong to get it to crash?”
14. “There is something funky in your data.”
13. “I haven’t touched that module in weeks!”
12. “You must have the wrong version.”
11. “It’s just some unlucky coincidence.”
10. “I can’t test everything!”
9. “THIS can’t be the source of THAT.”
8. “It works, but it hasn’t been tested.”
7. “Somebody must have changed my code.”
6. “Did you check for a virus on your system?”
5. “Even though it doesn’t work, how does it feel?”
4. “You can’t use that version on your system.”
3. “Why do you want to do it that way?”
2. “Where were you when the program blew up?”
1. “It works on my machine.”